{"title":"Guard Cache: Creating False Cache Hits and Misses To Mitigate Side-Channel Attacks","authors":"Fernando Mosquera, K. Kavi, Gayatri Mehta, L. John","doi":"10.1109/SVCC56964.2023.10165527","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165527","url":null,"abstract":"Cache side-channel attacks have exposed serious security vulnerabilities in modern architectures. These attacks rely on measuring cache access times to determine if an access to an address is a hit or a miss in the cache. Such information can be used to identify which addresses were accessed by the victim, which in turn can be used to reveal or at least guess the information accessed by the victim. Mitigating the attacks while preserving the performance has been a challenge. The hardware mitigation techniques used in the literature include complex cache indexing mechanisms, partitioning cache memories, and hiding or undoing the effects of speculation. In this paper, we present a Guard Cache to obfuscate cache timing, making it more difficult for cache timing attacks to succeed. We create false cache hits by using the Guard Cache as a Victim Cache, and false cache misses by randomly evicting cache lines. Our obfuscations can be turned-on and turned-off on demand to protect critical sections or randomly to further obfuscate cache access times. We show that our false hits cause very minimal performance penalties ranging between −0.2% to 3.0% performance loss, while false misses can cause higher performance losses. We also show that our approach causes different number of cache hits and misses and different addresses causing misses when compared to traditional caches, demonstrating that common side-channel attacks such as Prime & Probe, Flush & Reload or Evict & Time are likely to misinterpret victims’ memory accesses. We use very small Guard Caches (1KiB-2KiB at L1 or 2KiB-4KiB at L2) requiring very minimal additional hardware. The hardware needed for random evictions is also minimal.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129139779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Autonomous Lending Organization on Ethereum with Credit Scoring","authors":"Thomas H. Austin, Katerina Potika, C. Pollett","doi":"10.1109/SVCC56964.2023.10164922","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10164922","url":null,"abstract":"We propose the Autonomous Lending Organization on Ethereum (ALOE) system, which enables unsecured borrowing of funds on Ethereum. We incorporate a credit scoring approach that extends in the DeFi world the one that is used by traditional banks in order to quantify the risk of a borrower defaulting on a loan. As part of the loan process, first, we have a registration phase, where a notary verifies the real identity of a borrower and delegates to a set of auditors the task of storing a share of the real identity of a borrower to an Ethereum account while preserving anonymity. In the next phase, the Credit Bureau Smart Contract connects lenders to borrowers and updates credit scores. We automatically compute and update credit scores on-chain using the k-nearest neighbors algorithm.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121586583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"OFMCDM/IRF: A Phishing Website Detection Model based on Optimized Fuzzy Multi-Criteria Decision-Making and Improved Random Forest","authors":"Md. Abdullah Al Ahasan, Mengjun Hu, Nashid Shahriar","doi":"10.1109/SVCC56964.2023.10165344","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165344","url":null,"abstract":"With increasing social and financial activities on the web, phishing has become one of the most critical threats in cybersecurity. Many methods have been proposed to identify phishing websites, such as fuzzy logic, neural networks, data mining, heuristic-based phishing detection, and machine learning. On the other hand, phishers develop more sophisticated techniques, decreasing the efficacy of the existing methods. This paper proposes a phishing detection model based on optimized Fuzzy Multi-Criteria Decision-Making (OFMCDM) and Improved Random Forest (IRF). The model utilizes Uniform Resource Locator (URL) and Hypertext Markup Language (HTML) features to prevent sharing users’ sensitive information such as username, password, social security, or credit card number. Our experiments show competitive results from our models compared to existing models, including Naive Bayes (NB), Logistic Regression (LR), K-Nearest Neighbor (KNN), and Decision Tree.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122955080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trustworthy of Implantable Medical Devices using ECG Biometric","authors":"Nima Karimian, Sara Tehranipoor, Thomas Lyp","doi":"10.1109/SVCC56964.2023.10164853","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10164853","url":null,"abstract":"Implantable medical devices (IMD) such as pacemakers, and cardiac defibrillators are becoming increasingly interconnected to networks for remote patient monitoring. However, networked devices are vulnerable to external attacks that could allow adversaries to gain unauthorized access to devices/data and break patient privacy. To design a lightweight computational trustworthy of IMD, we propose novel ECG-based biometric authentication using lift and shift method based on post-processing data from the noise generated in an ECG signal recording. The lift and shift method is an ideal addition to this system because it is a quick, lightweight process that produces enough random bits for encrypted communication. ECG is a signal that is already being measured by the IMD, so this ECG biometric could utilize the data that is already being actively recorded. We provide a comprehensive evaluation across multiple NIST tests, as well as ENT and Dieharder statistical suites test.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"29 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124137098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Malware Detection through Contextualized Vector Embeddings","authors":"Vinay Pandya, Fabio Di Troia","doi":"10.1109/SVCC56964.2023.10165170","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165170","url":null,"abstract":"Detecting malware is an integral part of system security. In recent years, machine learning models have been applied with success to overcome this challenging problem. The aim of this research is to apply context-dependent word embeddings to classify malware. We extract opcodes from the malware samples and use them to generate the embeddings that train the classifiers. Transformers are a novel architecture that utilizes self-attention to handle long-range dependencies. Different transformer architectures, namely, BERT, DistilBERT, ALBERT, and RoBERTa, are implemented in this work to generate context-dependent word embeddings. Apart from using transformer models, we also experimented with ELMo, a bidirectional language model which can generate contextualized opcode embeddings. These embeddings are used to train our machine learning models in classifying samples from different malware families. We compared our contextualized results with context-free embeddings generated by Word2Vec, and HMM2Vec algorithms. The classification algorithms trained on our embeddings consist of Resnet-18 CNN, Random Forest, Support Vector Machines (SVMs), and k-Nearest Neighbours (k-NNs).","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"312 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121302242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BlockNIC: SmartNIC assisted Blockchain","authors":"Eish Kapoor, Gavin Jampani, Sean Choi","doi":"10.1109/SVCC56964.2023.10165427","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165427","url":null,"abstract":"While the use of blockchain has proliferated across the world in many industries and applications, blockchains are known to cause an ever-increasing environmental footprint due to their huge energy and hardware requirement. In order to solve a similar issue, SmartNIC, a programmable network interface card, is recently gaining traction to reduce CPU and hardware usage in the data centers by providing a way to perform relatively simple computation directly on the network. Given such characteristics, in this paper, we present our world-first blockchain infrastructure that runs completely on SmartNICs called BlockNIC. As BlockNIC runs completely on the network path on hardware that is relatively idle, it runs without needing any extra hardware or even the host CPU. Given the infrastructure, we compare the performance of the SmartNIC in terms of hashing and consensus work against a bare-metal server. The results are extremely encouraging because they point to a unique opportunity to create scalable, secure and environmentally friendly next generation blockchain infrastructure.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116539923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lightweight and Effective Website Fingerprinting Over Encrypted DNS","authors":"Yong Shao, K. Hernandez, Kia-Min Yang, Eric Chan-Tin, M. Abuhamad","doi":"10.1109/SVCC56964.2023.10165086","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165086","url":null,"abstract":"The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10,000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100,000 websites, our model achieves an F1-score of 93%.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129071441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Curriculum Framework for Autonomous Network Defense using Multi-agent Reinforcement Learning","authors":"Roberto G. Campbell, M. Eirinaki, Younghee Park","doi":"10.1109/SVCC56964.2023.10165310","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165310","url":null,"abstract":"Early threat detection is an increasing part of the cybersecurity landscape given the growing scale and scope of cyberattacks in the recent years. Increasing exploitation of software vulnerabilities, especially in the manufacturing sector, demonstrates the ongoing need for autonomous network defense. In this work, we model the problem as a zero-sum Markov game between an attacker and defender reinforcement learning agents. Previous methods test their approach on a single topology or limit the agents to a subset of the network. However, real world networks are rarely fixed and often add or remove hosts based on demand, link failures, outages, or other factors. We consider two types of topologies: static topologies that remain fixed throughout training and a dynamic topology curriculum. The proposed robust training curriculum incorporates network topologies to build more general, capable agents. We also use Proximal Policy Optimization (PPO) which offers a good balance of computational complexity and convergence speed. We evaluate various threat scenarios in terms of the exploitability and impact and conclude that the curriculum improves the defender’s win rate over training on a static topology by exposing the agent to more challenging environments over time.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129184109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multivariate Time Series Anomaly Detection with Deep Learning Models Leveraging Inter-Variable Relationships","authors":"Changmin Seong, Dongjun Lim, Jiho Jang, Jonghoon Lee, Jong-Geun Park, Yun-Gyung Cheong","doi":"10.1109/SVCC56964.2023.10165468","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165468","url":null,"abstract":"This paper presents a system for multivariate time series anomaly detection using deep learning, with an added module to reflect variable relationships. The system uses an autoencoder to extract latent variables that reflect the time series characteristics of the variables, and calculates variable importance using the similarities among the variables. To evaluate the proposed method, experiments were conducted using three similarity measures: cosine similarity, distance correlation, and DTW. Four time series datasets were used for evaluation, and the results showed that the proposed model outperformed the baseline model in HAI 22.04 and HAI 21.03 datasets. For the WADI dataset, the F1-score improved only when using cosine similarity, while the TaPR-F1 score improved only when using DTW. However, no performance improvement was observed in the SWaT dataset. These results suggest that the effectiveness of utilizing inter-variable relationships is dependent on the characteristics of the data and the similarity calculation method employed. Therefore, a careful selection of the appropriate similarity calculation method for a given dataset is necessary to achieve optimal performance improvements.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129723092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-Preserving Trust Management For Vehicular Communications and Federated Learning","authors":"S. Byun, Arijet Sarker, Ken Lew, J. Kalita, Sang-Yoon Chang","doi":"10.1109/SVCC56964.2023.10165137","DOIUrl":"https://doi.org/10.1109/SVCC56964.2023.10165137","url":null,"abstract":"Cellular networking is evolving as a wireless technology to support a wide range of applications in vehicular communication. Cellular technologies enable vehicles to communicate with many applications to improve driving experience. All of these applications are not under the administration of the same authority. Secure Credential Management System (SCMS) is a Public Key Infrastructure (PKI) which provides certificates to vehicles to preserve vehicular privacy and supports many vehicular applications such as Basic Safety Messages (BSMs), misbehavior reporting, etc. On the other hand, privacy-preserving applications like federated learning (used to enable data-driven machine learning for better self-driving experience while protecting the vehicular data privacy) are outside of this SCMS-managed vehicular network and have separate PKI structure managed by a different authority. Since the trust management and PKI for vehicular vs. federated learning have been studied and developed separately, there is a need to establish trust between these two PKIs for secure communication between vehicles and Federated Learning Servers (FLSs). In this work, we demonstrate and analyze how these two orthogonal PKIs can establish trust with each other and thus, the end entities (vehicles and FLSs) can securely communicate with each other in an efficient manner to maintain vehicular privacy utilizing SCMS.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"173 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124218610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}